CDW’s report notes “employees need to know what to do when faced with a threat. They also need to know how to take preventive measures to prevent malware.” Districts can take several steps to elevate the cybersecurity conversation and keep bad actors away from critical data.

One of those critical steps is making users aware of how to spot possible hacks. This should be an essential component of any training module moving forward.

Students should be taught how to become better digital citizens in order to help schools avoid data breaches. Begin by teaching them about privacy concerns and how to manage their digital identities. A good place to start is the International Society for Technology in Education’s Standards for Students. There are similar standards for educators and education leaders.

Time Equals Money Lost in Data Breaches

Besides the time lost when a cyberattack happens, there’s also a financial incentive to train users to steer clear of suspicious looking emails.

The Education Department announced recently it would strip any K–12 school district of Title IV funding if it did not adhere to “reasonable methods” to protect student data.

Staff should prepare for this possibility by planning and testing recovery strategies well in advance, since schools aren’t exempt from the risk of an attack.

Right now, according to the CDW report, just 30 percent of IT professionals are extremely confident their processes and people can stave off cyberattacks. The report also found that only 34 percent of IT pros are extremely confident their technology resources could mitigate risks over the next year.

“People need training and guidance,” says Attai. “We can’t expect them to be able to understand what we mean when we say, ‘protect the privacy and security of data’ without giving them instructions on how to do that well.”

This article is part of the "Connect IT: Bridging the Gap Between Education and Technology" series. Please join the discussion on Twitter by using the #ConnectIT hashtag.